A new form of ransomware has made an appearance called “GPCODE Ransomware”
It dumps a text file called “how to get data” which infects and locks all files.
GPCODE Ransomware infects your PC via:
- Malicious URLs.
- Malicious e-mail attachments.
Since this particular ransomware also known as the JOKE virus is reported to infect servers which have Citrix environment. GPCODE is also reported to spread and encrypt shared files between the devices in the network. This is why one compromised computer by GPCODE is a risk to the whole network.
Regarding the files it aims to encrypt, GPCODE is oriented towards as many commonly used file extensions as possible.
It uses the .LOL file extension after it encrypts the data, for example: Text Document.txt.LOL
A copy of the note left behind is below: